A Deployment Value Model for Intrusion Detection Sensors
The value of an intrusion detection sensor is often associated with its data collection and analysis features. Experience tells us such sensors fall under a range of different types and are diverse in their operational characteristics. There is a need to examine some of these characteristics to appreciate the value they add to intrusion detection deployments. This paper presents a model to determine the value derived from deploying sensors, which serves to be useful to analyse and compare intrusion detection deployments.
KeywordsIntrusion Detection Intrusion Detection System Sensor Placement Deployment Strategy Disruption Cost
Unable to display preview. Download preview PDF.
- 1.Shaikh, S.A., Chivers, H., Nobles, P., Clark, J.A., Chen, H.: Characterising intrusion detection sensors. Network Security 2008 (9), 10–12 (2008)Google Scholar
- 2.Shaikh, S.A., Chivers, H., Nobles, P., Clark, J.A., Chen, H.: Characterising intrusion detection sensors, part 2. Network Security 2008 (10), 8–11 (2008)Google Scholar
- 3.Chivers, H.: Security Design Analysis. York Computer Science Technical Report YCS 2006/06, University of York, UK (2006)Google Scholar
- 5.Lee, W., Fan, W., Miller, M., Stolfo, S.J., Zadok, E.: Toward cost-sensitive modeling for intrusion detection and response. Journal of Comp. Sec. 10(1-2), 5–22 (1993)Google Scholar
- 6.Stakhanova, N., Basu, S., Wong, J.: A cost-sensitive model for preemptive intrusion response systems. In: 21st International Conference on Advanced Information Networking and Applications (AINA 2007), pp. 428–435 (May 2007)Google Scholar
- 8.Rolando, M., Rossi, M., Sanarico, N., Mandrioli, D.: A formal approach to sensor placement and configuration in a network intrusion detection system. In: Proceedings of the 2006 International Workshop on Software Engineering for Secure Systems, pp. 65–71. ACM Press, New York (2006)CrossRefGoogle Scholar
- 9.Sheyner, O., Haines, J., Jha, S., Lippmann, R., Wing, J.M.: Automated generation and analysis of attack graphs. In: Proceedings of the 2002 IEEE Symposium on Security and Privacy, pp. 273–284 (May 2002)Google Scholar